1. Field
The present invention relates to the field of data security. More particularly, this invention relates to an electronic system and method for controlling access to stored information through enforcement of an improved user authentication technique.
2. General Background
In today""s society, it has become necessary to protect information stored within a computer in order to prevent unauthorized persons from downloading information onto a floppy disk, digital tape or other type of storage device. In certain situations, this information may be sensitive in nature such as a trade secret or privileged information. The importance of controlling user access to information stored on a computer has encouraged the creation of different access control mechanisms.
Many conventional access control mechanisms are operating system (OS) dependent. For example, in a computer-based password mechanism, user authentication involves the OS requesting the user to manually enter a password after completion of the boot process. The password may be entered via an alphanumeric keyboard or a keypad. If the entered password matches a password locally stored at system configuration of the computer, the user is granted access to the stored information.
Another type of access control mechanism is a smartcard authentication mechanism. Smartcards are an attractive approach for user authentication due to their convenient form factor and their ease of use. However, similar to the other control access mechanisms, user authentication is based on the correct operations of the OS initiating an exchange of messages with the smartcard.
These above-described user authentication protocols are subject to a number of disadvantages. For example, due to their OS dependency, they are subject to deliberate virus-based corruption, which could result in the installation of a backdoor to circumvent the authentication software. More specifically, the virus may modify the xe2x80x9cloginxe2x80x9d portion of the OS so that when a special key combination or sequence is entered, user authentication functionality would be entirely bypassed.
Another conventional access control mechanism involves the Basic Input/Output System (BIOS). At start-up, BIOS code is executed by a processor and an entered password is compared with a preprogrammed password stored in battery-backed memory of the BIOS. If the entered password matches a preprogrammed password, the user is granted access to information stored within the computer. This user authentication protocol is subject to (i) deliberate virus-based corruption, (ii) the physical removal and substitution of the memory device containing the BIOS code, and/or (iii) electrical shortage of pins associated with the battery-backed memory in order to bypass user authentication.
Hence, it is desirable for a more robust user authentication technique, independent of the operations of the OS, for controlling access to stored information.
Briefly, one embodiment of the present invention relates to a Basic Input/Output System (BIOS) device. The BIOS device comprises an internal memory and a state machine. The internal memory contains a BIOS code. The state machine controls access to a portion of the BIOS code in response to authentication of a portable token in communication with the state machine.